[Openstack-security] FW: OpenSSL Heartblead (CVE-2014-0160)

Bryan D. Payne bdpayne at acm.org
Wed Apr 9 21:43:21 UTC 2014 

If we are going to do something, let's do an OSSN.  Given the discussion
here, I'm going to flip my opinion and suggest that we cut an OSSN in short
order.  Who would like to write it up?  I'm traveling today, so I'm out.

-bryan


On Wed, Apr 9, 2014 at 1:28 PM, Cody Bunch <cody.bunch at rackspace.com> wrote:

>  If not an OSSN a small faq of sorts as it pertains to OpenStack.
>
> -C
>
>  ------------------------------
> *From:* Clark, Robert Graham [robert.clark at hp.com]
> *Sent:* Wednesday, April 09, 2014 3:24 PM
> *To:* Bryan D. Payne; Thierry Carrez; Nathan Kinder
>
> *Cc:* openstack-security at lists.openstack.org
> *Subject:* Re: [Openstack-security] FW: OpenSSL Heartblead (CVE-2014-0160)
>
>   I think there may be some value in us creating an OSSN that runs
> through the issue, it's coming up a lot on the ML and while I agree with
> Bryan in principle that it's not completely within the realm of the OSSN
> process, there's value in having one well written summary that people can
> refer to on the ML and elsewhere rather than having lots of add hock
> conversations.
>
>
>
> Thoughts?
>
>
>
> *From:* Bryan D. Payne [mailto:bdpayne at acm.org]
> *Sent:* 09 April 2014 09:35
> *To:* Thierry Carrez
> *Cc:* openstack-security at lists.openstack.org
> *Subject:* Re: [Openstack-security] FW: OpenSSL Heartblead (CVE-2014-0160)
>
>
>
>  Should we consider issuing an OSSN describing steps for heartbleed
>
> mitigation in OpenStack deployments ? I know it's not very different
> from other affected SSL services, but I've already answered that
> question twice on MLs and people are apparently very confused about it
> so it looks like something that could use a reference official answer :)
>
>
>
> Unless we have something specifically related to OpenStack to add, I'd
> suggest just pointing people to http://heartbleed.com/.
>
>
>
> -bryan
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20140409/733ac046/attachment.html>

More information about the Openstack-security mailing list